1 Answer
1

The setcap on file store the capacities in an extended attribute with a call to setxattr, this extended attribute is stored like other attributes (ownership, rights...) in the filesystem.

Since kernel 2.6.24, the kernel supports associating capability sets
with an executable file using setcap(8). The file capability sets are
stored in an extended attribute (see setxattr(2)) named
security.capability.